Bug#863217: libgmp10:amd64: gmp_snprintf tries to allocate 18 EB on long strings
Vincent Lefevre
vincent at vinc17.net
Tue Jan 21 17:03:39 GMT 2020
Control: tags -1 fixed-upstream
On 2017-05-23 21:43:06 +0200, Vincent Lefevre wrote:
> Consider the following program:
>
> #include <stdio.h>
> #include <gmp.h>
>
> int main(void)
> {
>   int r;
>   long n = -1;
>
>   r = gmp_snprintf (NULL, 0, "%2147483600s%100s%ln", "", "", &n);
>   printf ("%d %ld\n", r, n);
>   return 0;
> }
>
> On my Debian/unstable x86_64 machine (GMP 6.1.2 provided by the Debian
> package), I get after 273 seconds:
>
> GNU MP: Cannot allocate memory (size=18446744071562067968)
With upstream's GMP 6.2.0, I get:
-1 -1
So the bug is fixed upstream.
--
Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
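
Added example (not part of the original message and not GMP's code): the format string in the quoted program requests at least 2147483600 + 100 characters, which is more than INT_MAX, the largest length an snprintf-style function can return. The hypothetical helper `min_output_len` below is a caller-side check that sums literal characters and explicit field widths with overflow detection and reports -1 when that lower bound does not fit in an int; it assumes a 32-bit int, no `*` widths and standard length modifiers only.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Add b to *acc; fail instead of wrapping past INT_MAX. */
static int add_checked(int *acc, int b)
{
    if (b < 0 || *acc > INT_MAX - b) return -1;
    *acc += b;
    return 0;
}

/* Hypothetical helper: lower bound on the output length of a
   printf-style format, counting literal characters and explicit decimal
   field widths. Assumptions: no '*' widths, standard length modifiers
   only. Returns -1 if the bound does not fit in an int. */
int min_output_len(const char *fmt)
{
    int total = 0;
    while (*fmt) {
        char c = *fmt++;
        if (c != '%' || *fmt == '%') {          /* literal char or "%%" */
            if (c == '%') fmt++;
            if (add_checked(&total, 1)) return -1;
            continue;
        }
        while (*fmt && strchr("-+ #0", *fmt)) fmt++;        /* flags */
        int width = 0;
        for (; isdigit((unsigned char)*fmt); fmt++) {       /* width */
            int d = *fmt - '0';
            if (width > (INT_MAX - d) / 10) return -1;      /* width itself overflows */
            width = width * 10 + d;
        }
        if (*fmt == '.')                                    /* precision: skipped */
            for (fmt++; isdigit((unsigned char)*fmt); fmt++) {}
        while (*fmt && strchr("hlLjzt", *fmt)) fmt++;       /* length modifiers */
        if (*fmt == '\0') break;                            /* truncated spec */
        if (*fmt++ != 'n' && add_checked(&total, width))    /* %n prints nothing */
            return -1;
    }
    return total;
}

int main(void)
{
    printf("%d\n", min_output_len("%2147483600s%100s%ln"));
    return 0;
}
```

The result is a lower bound only, since an argument longer than its field width produces more output than the width states.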